The present disclosure generally relates to device authentication, and more specifically, to techniques for ensuring the credibility of devices for global attestation.
Many applications and services today use real-time information about users' locations to provide information and other application related content to users. Some examples of location based applications include applications that allow users to transmit “check-in” at various locations (e.g., restaurants, coffee shops, stores, concerts, and other places or events), mapping and navigation applications, applications that offer incentives and discounts based on a user's location, etc. Given that the location information from a user's device plays a critical part in any location based transaction, location based applications and services typically attempt to verify that the right user is attempting to access the location based service before completing the location based transaction. That is, applications generally attempt to verify that the location information (e.g., global positioning system (GPS) coordinates) received from the user's device corresponds to the device's actual geo-location.
Location based services can use a variety of different mechanisms to attest the location information received from a user. Local attestation, for example, is one such mechanism in which a location based service uses nearby devices in proximity to the device requesting access to the location based service to attest the requesting device's location information. For example, if a device A requests to access a location based service via an access point, device A may send its location information along with identification information of other devices B and C (in proximity to device A) to the location based service. Once received, the location based service can request location information from each of devices B and C and identification information of any devices in proximity to devices B and C. The location based service can cross-check the received location and identification information received from each device in order to determine if device A's location information is accurate.
In some cases, however, a set of devices can collude with each other in order to circumvent the local attestation procedure and misrepresent the true location of a device attempting to access the location based service. Consequently, location based applications and services generally use global attestation as a mechanism to prevent such collusion attempts. Typically, in global attestation, which is based in part on local attestation, the location based service uses the contextual information of the requesting device (e.g., type of previous requests, locations associated with previous requests, etc.) in addition to location reports (of the requesting device) received from nearby devices in proximity to the requesting device in order to attest the requesting device's location information. Global attestation, however, can still be susceptible to malicious actors that may attempt to gain unauthorized access to a location based application or service (e.g., by misrepresenting (or faking) the location information that is submitted to the location based service).